CVE-2007-6342

Name of the Vulnerable Software and Affected Versions David Castro AuthCAS module (AuthCAS.pm) version 0.4

Description The issue allows remote attackers to execute arbitrary SQL commands via the SESSION COOKIE NAME (session ID) in a cookie. This is a SQL injection vulnerability in the David Castro AuthCAS module for the Apache HTTP Server.

Recommendations For version 0.4, consider restricting access to the AuthCAS module until a patch is available. As a temporary workaround, avoid using the SESSION COOKIE NAME parameter in cookies to minimize the risk of exploitation.